ABSTRACT 

[0095] Enforcing a plurality of different policies on a stream of packets is disclosed. In 
lieu of running separate algorithms for each policy, the system exploits the commonalities of all 
of the policies. The conditions corresponding to the compiled rules are arranged in a condition 
tree and processed in a pipelined architecture that allows the results of the various stages to be 
carried forward into subsequent stages of processing. The rules for which all conditions have 
been satisfied can be identified by one stage of processing in one pass of condition tree traversal 
and are passed to subsequent stages. A rule table corresponding to an individual policy type can 

then be readily examined to determine partial or complete satisfaction of the rule of that policy 
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type, without requiring a re-examination of the conditions underlying the rule. Additionally, 
corresponding actions can be taken where rule satisfaction is determined. This approach allows 
extremely high-speed policy enforcement performance. 
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